The branch, MAINT_3_4_5 has been updated via 2f28ce9c800274190418da0945ce3647d36e1db6 (commit) from 4039683ab3ca63c979948e02345b6d38452f8dee (commit)
- Log ----------------------------------------------------------------- commit 2f28ce9c800274190418da0945ce3647d36e1db6 Author: Herman van Rink rink@initfour.nl Date: Fri Aug 19 13:12:04 2011 +0200
[security] Fixed XSS in Inline Edit on save action
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 1 + js/sql.js | 2 +- 2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 20e1751..1376169 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,7 @@ phpMyAdmin - ChangeLog - bug #3374347 [display] Backquotes in normal text on import page - bug #3358750 [core] With Suhosin, urls are too long in edit links - [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13 +- [security] Fixed XSS in Inline Edit on save action
3.4.3.2 (2011-07-23) - [security] Fixed XSS vulnerability, see PMASA-2011-9
diff --git a/js/sql.js b/js/sql.js
index dbba441..842b6c6 100644
--- a/js/sql.js
+++ b/js/sql.js
@@ -1111,7 +1111,7 @@ function PMA_unInlineEditRow($del_hide, $chg_submit, $this_td, $input_siblings,
 }
 }
 }
- $this_sibling.html(new_html);
+ $this_sibling.text(new_html);
 }
 })
 }
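Review bot: The new `$this_sibling.text(new_html);` line carries no comment explaining why the value must be inserted as text, and the variable is still named `new_html`, so a later cleanup could plausibly switch it back to `.html()` and reopen the XSS. I would add `// cell value is user-editable data: insert as text, never as markup (XSS)` directly above the call, or rename the variable to something like `new_value`. The body of PMA_unInlineEditRow that builds `new_html` lies outside this hunk, so it is not visible whether any branch deliberately puts markup into it; if one does, that markup will now appear as literal tags and needs a separate path that escapes the data portion. Escaping at this sink does not replace output encoding on the server response that supplies the saved value, so that side is worth confirming as well.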
hooks/post-receive